If the true password hash is never passed to the server over the network, how can a malicious user “crack” my password when they only have the hashed response?
In the malicious telnet server scenario, the telnet server would keep a copy of both the server-issued challenge and the response received from the client. A brute-force password-cracking program could hash each of the possible password hashes, derived above, with the server-issued challenge and compare the resulting value against the response hash captured from the client. If the two match, the malicious user knows that the password used to produce the initial hash is the user’s password. Because the malicious person controls the telnet server in this scenario, he could also adjust the mechanism used to generate the tokens: instead of sending the client a randomly generated token, a specially created telnet server application could respond with a specific known token that would aid the malicious user in performing offline brute-force password “cracking” efforts.
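A server that hands out a fixed token instead of a random one can be spotted from the client side, because a randomly generated challenge should practically never repeat. The following added example (not part of the original answer) audits recorded authentication exchanges for reused or undersized challenges; the log format, hostnames, challenge values and the 8-byte minimum are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records: server, session id, challenge as hex.
# Hostnames and values are made up for this example.
SAMPLE_LOG = """\
telnet-a.example session=1 challenge=9f3c1e07b2a4d655
telnet-a.example session=2 challenge=03d7aa41c98e2f10
telnet-a.example session=3 challenge=e1b05c7794d2a83f
telnet-b.example session=1 challenge=4a4a4a4a4a4a4a4a
telnet-b.example session=2 challenge=4a4a4a4a4a4a4a4a
telnet-b.example session=3 challenge=4a4a4a4a4a4a4a4a
telnet-c.example session=1 challenge=77c2
"""

MIN_CHALLENGE_BYTES = 8  # assumed policy minimum, not taken from the page


def parse_line(line):
    """Parse 'host session=N challenge=HEX' into (host, challenge bytes)."""
    host, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return host, bytes.fromhex(kv["challenge"])


def audit_challenges(log_text):
    """Return {host: [findings]} for servers whose challenges look non-random."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        if line.strip():
            host, challenge = parse_line(line)
            seen[host][challenge] += 1

    findings = defaultdict(list)
    for host, counts in seen.items():
        for challenge, n in counts.items():
            if n > 1:  # a random token repeating across sessions is a red flag
                findings[host].append(f"challenge {challenge.hex()} reused {n} times")
            if len(challenge) < MIN_CHALLENGE_BYTES:
                findings[host].append(f"challenge {challenge.hex()} is only {len(challenge)} bytes")
    return dict(findings)


if __name__ == "__main__":
    for host, issues in audit_challenges(SAMPLE_LOG).items():
        for issue in issues:
            print(f"{host}: {issue}")
```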